Softpedia >Mac >Internet Utilities >web2ldap >  Changelog

web2ldap Changelog

What's new in web2ldap 1.2.44

Dec 22, 2015
  • New plugin class for olcPPolicyDefault checks whether attribute value references existing pwdPolicy entry.
  • Plugin class for namingContexts also registered for attribute olcSuffix used by OpenLDAP's back-config.
  • Plugin class for auditContext also registered for attribute olcAccessLogDB used by OpenLDAP's back-config.
  • When displaying a single entry the same search_filter and no_cache argument is now used when additionally reading potentially hidden operational attributes.
  • Usage of host-/backend-specific parameter requested_attrs has changed when displaying a single entry:
  • Only attributes which were not read with prior search operation and which are part of the subschema are really used when additionally reading potentially hidden operational attributes.
  • If Python modules stdnum and vatnumber are installed then function vatnumber.check_vat() is used to check values in attribute euVATId instead of regex check.

New in web2ldap 1.2.38 (Aug 17, 2015)

  • Only write LDAPSession.__dict__ to error log if there is a valid LDAPSession instance.
  • Improved output for empty results and errors when locating LDAP servers with DNS queries.
  • When searching in OpenLDAP's accesslog DB for Æ-DIR changes the DN is changed to trigger correct configuration cascade.
  • Small modifications to plugin module for Æ-DIR.
  • Plugin class for attribute mail now automagically encodes and decodes non-ASCII chars in the domain part as IDNA.
  • Plugin class for attribute reqEntryUUID does not display a serch link in search result listing anymore.
  • Fixed UnicodeError when presenting re-login form during handling ldap.INSUFFICIENT_ACCESS.

New in web2ldap 1.2.33 (Jul 8, 2015)

  • New base plugin class for IANA-registered hash algorithm OIDs.
  • New base plugin class for HMAC algorithm OIDs.
  • Updated LDIF and HTML templates and plugin module for new OATH-LDAP schema work.
  • Plugin class DistinguishedName can now generate links for searching back-link entries by just setting class attribute ref_attrs.

New in web2ldap 1.2.32 (Jun 18, 2015)

  • Fixed regression when determining length of form value for Integer input fields.
  • Added plugin module, HTML templates for OATH-LDAP.
  • Removed script sbin/compile.py because compiling is better done with python -m compileall (see module compileall used with command-line).
  • Unified she-bang lines in all exectuable Python scripts (sbin/ and fcgi/).
  • HTTPS links are used for all OpenLDAP and Wikipedia links.

New in web2ldap 1.2.27 (May 18, 2015)

  • Corrected DIT structure rules in Æ-DIR supplemental schema.
  • Set maxLen for plugin classes of dc and associatedDomain etc. according to clarifications in RFC 2181.
  • Updated fallback schema file localschema.ldif especially the FreeRADIUS and the Federated File Systems schema.
  • Separate plugin class for cNAMERecord to restrict input to one value.
  • Code cleaning in LDAPSession.bind() etc. to allow subclasses to easily override new method LDAPSession.getBindDN().
  • Relaxed determining input size for Integer input fields, especially for entering time span strings.

New in web2ldap 1.2.26 (Apr 30, 2015)

  • Exception ldap.UNAVAILABLE_CRITICAL_EXTENSION now simply ignored when reading rootDSE.
  • New base plugin classes NotBefore and NotAfter used in plugin modules aedir and sudoers.
  • Some minor improvements to default CSS theme.

New in web2ldap 1.2.25 (Apr 20, 2015)

  • Cleaned up building the set of ignored attributes when modifying an entry. This fixes a regression with Relax Rules control enabled.
  • More search links when displaying DNS/DHCP related attributes.
  • data URI scheme (see RFC 2397) is now used when image data is less than treshold set in class attribute Image.inline_maxlen (currently 630 bytes).
  • Cleaned up method GeneralizedTime.displayValue() to correctly call base class method for fall-back.
  • New plugin class for pwdAccountLockedTime.

New in web2ldap 1.2.22 (Mar 2, 2015)

  • Removed HTML tag attribute autofocus from all HTML templates because it interferes the hidden skip navigation links.
  • Added krbCanonicalName to Kerberos search form template.
  • Eliminated hard-coded DNs in plugin module for Æ-DIR.
  • Added LDIF template for X.509 CA entries based on applicationProcess and pkiCA.
  • Added specific search form template for MS AD (see search context menu).
  • Stricter IA5 String validation.
  • Added read and input form HTML template for inetLocalMailRecipient.
  • Added to top section template:
  • for mobile displays

New in web2ldap 1.2.21 (Feb 11, 2015)

  • Unnecessary tags are avoided when generating input forms.
  • Fixed/improved DNS RR search links in plugin class for dhcpOption and dhcpStatements.
  • Plugin class registration for attribute types can now be limited to certain structural object classes. This is backward-compatible and does not affect existing plugin modules.
  • New mix-in plugin class w2lapp.schema.syntaxes.ComposedAttribute composes attributes values from other attribute values within an entry. Obviously this only works for single value attributes.
  • New plugin module w2lapp.schema.plugins.inetorgperson with plugin classes derived from ComposedAttribute generating values for attributes cn and displayValue.
  • Added HTML templates for posixGroup.
  • Added skip navigation links to top of page to ease jumping to content and menu areas (see WAI quick ref.).
  • Merged Æ-DIR customization:
  • New plugin module w2lapp.schema.plugins.aedir
  • LDIF and HTML templates
  • Example configuration

New in web2ldap 1.2.20 (Feb 7, 2015)

  • Compacted LDAP connection info in [ConnInfo].
  • Added search form template for MIT Kerberos schema.
  • Hit list of remote IPs seen displayed in monitor page.
  • Added LDAP_SERVER_LAZY_COMMIT_OID as supported value-less control.
  • Fixed a couple of misregistrations of plugin classes.
  • A warning is written to stderr during startup when importing site-specific configuration module web2ldapcnf.local fails.
  • Uniqueness checks performed when registering plugin classes:
  • Syntax class oid must not re-used. An exception is raised in this case which gives details about the parameters used.
  • A warning is written to stderr when overriding a formerly registered plugin class for an attribute type.

New in web2ldap 1.2.18 (Jan 27, 2015)

  • Fixed again generating input form values for associatedDomain.
  • Plugin class for associatedDomain now displays links to search matching A RR entries for reverse DNS RR entries (.in-addr.arpa).
  • Fixed regression when displaying error message in schema viewer.
  • New plugin classes for attribute types member and memberOf.

New in web2ldap 1.2.17 (Jan 26, 2015)

  • Implemented per remote IP session limits additionally to the global limit. This requires new global parameter session_per_ip_limit to be set in your configuration.
  • OctetString values are now displayed as a proper hex-dump with offset and ASCII excerpt.
  • Registered more Kerberos attribute types with Timespan plugin class.
  • Fixed some small issues found with pychecker.

New in web2ldap 1.2.16 (Jan 23, 2015)

  • Fixed plugin class registration bug which could lead to IOError exception.
  • Major changes to displaying of search results:
  • Detailed view of search parameters and the export form is provided at end of page. An intra-document link points to that section. Mainly this saves vertical space at top of page.
  • An equivalent ldapsearch command-line is generated based on the search parameters which is only compatible with OpenLDAP's command-line tool though.
  • Some minor fixes in HTML markup.
  • More minor improvements in DIT browser.
  • Start of main and top anchor are now part of top_template. This makes the top link always work independent of the CSS layout.
  • Small HTML fixes here and there.

New in web2ldap 1.2.15 (Jan 21, 2015)

  • Added workaround in DIT browser for servers which return search results for one-level search below an empty root DN.
  • Limits/error handling of DIT browser more robust now (ldap.ADMINLIMIT_EXCEEDED etc.).
  • DIT_MAX_LEVELS is now enforced in DIT browser.
  • For the current selected DN the link is now for collapsing the sub-tree (simply browse from parent entry).
  • Intra-document links are displayed in "Syntax check failed" which point to the attribute's input field. This is helpful for the user if HTML templates are used for input names without mentioning real attribute names.
  • Some minor improvements to default CSS theme.
  • For all [Up] and [Down] links the advanced search form is used now.

New in web2ldap 1.2.13 (Jan 20, 2015)

  • Added very basic DIT browser reachable with [Tree] in main menu. This is a rather useless feature if you have more than a handful of entries. But many people seem to be keen to waste their time clicking around in their web browser instead of using a proper search.

New in web2ldap 1.2.12 (Jan 19, 2015)

  • Fixed UnicodeError exception when adding entries below a DN with non-ASCII chars.
  • Finally a new default CSS theme was made (overdue for 1.2.x). Hope you like it.
  • The old 1.1 CSS theme can still be found in file white-on-green.css.
  • Added plugin class for sSHFPRecord.
  • Schema viewer now points to advanced search form for searching by attribute type existence or object class.
  • When generating select fields for attribute types unnecessary sorting is avoided, value uniqueness is ensured and sorting is done case-insensitive.
  • All input HTML templates now make extensive use of and tags instead of sub headings to group related input fields.

New in web2ldap 1.2.11 (Jan 16, 2015)

  • Fixed unhandled exception when displaying dhcpStatement value with no space-separated value.
  • Fixed generating input form values for associatedDomain.
  • Fixed/improved some HTML search form templates.
  • Added plugin class for mXRecord.
  • Added additional safety check for invalid key string in HTML template dictionary.
  • Added example configuration snippet for accessing web2ldap running as external FastCGI responder via lighttpd.
  • Added script sbin/web2ldap_postinstall.sh which adds demon user/group, creates directories and fixes ownership/permissions.
  • Added select list plugin class for NIS attribute ipServiceProtocol.
  • Added inputform template for dNSDomain2.
  • Updated fallback schema file localschema.ldif.
  • HTTPS links are used for all IETF docs, PyPI and Google code links.
  • Added HTML templates for object classes namedObject and namedPolicy (defined in draft-stroeder-namedobject)
  • Added HTML templates for object class groupOfNames.

New in web2ldap 1.2.10 (Dec 29, 2014)

  • Fixed case-insensitive syntax checking of attribute dhcpHWAddress.
  • Added link for search PTR RR entry when displaying attributes aRecord and aAAARecord.
  • Plugin class for associatedDomain now displays link to search referencing DNS RR entries.
  • Improved suggesting reasonable input values for associatedDomain based on domain entries with attributes nSRecord or sOARecord found.
  • Added ssh-ed25519 to validation regex pattern for sshPublicKey.
  • Plugin class for dhcpStatements and dhcpOptions now displays link to search related DNS RR entries for DHCP options host-name and fixed-address.
  • Env vars HTTP_X_REAL_IP, HTTP_FORWARDED_FOR, HTTP_X_FORWARDED_FOR are derived from HTTP headers to get the real client IP address when running in stand-alone mode behind a proxy.
  • Many small improvements to docs, config examples and a new wrapper script around spawn-fcgi for running as a separate FastCGI process.
  • FastCGI process starts even when configured PID file cannot be written.
  • Added example configuration snippet for accessing web2ldap running as external FastCGI responder via nginx.

New in web2ldap 1.2.9 (Dec 13, 2014)

  • In case something goes wrong when reading LDIF templates the name of the template is displayed in the error message.
  • Importing non-standard lib modules before extending sys.path is now avoided.
  • Added LDIF template for entry with object class olcModuleList (for OpenLDAP's back-config).
  • Added LDIF and HTML templates for various DHCP entries / object classes.
  • Added entryDN to HTML templates for structural object classes.
  • Registered multi-line plugin class for dhcpOption, dhcpOptions and dhcpStatements.
  • Include more LAN types in regex for dhcpHWAddress.
  • Corrected installation instructions and current version number is used everywhere.

New in web2ldap 1.2.7 (Nov 29, 2014)

  • New parameter groupadm_optgroup_bounds for defining the DN component slice to use to generate the in group administration.
  • New plugin class for namingContexts displays link to search accompanying OpenLDAP's database configuration entries.
  • Fixed unhandled exception when choosing printable output of search results.
  • Small improvements to plugin class for associatedDomain.
  • Added work-around to always ignore non-empty configuration value requested_attrs when cloning an entry.

New in web2ldap 1.2.1 (Oct 11, 2014)

  • Fixed sanitizing input values in case of equality search on OctetString syntaxes.

New in web2ldap 1.2.0 (Oct 6, 2014)

  • The following changes to local system installation/configuration are required:
  • Update will break your existing installation/configuration!
  • Upgrade to Python 2.7.0 or newer.
  • Upgrade to python-ldap 2.4.14 or newer.
  • Old separate TLS configuration parameters were obsoleted by new parameter tls_options.
  • New features/enhancements:
  • Implemented multi-session cookie handling with cross-checking against web2ldap's session ID to prevent attacks in case web server's access logs is not kept confidential. Cookie usage is enabled by setting cookie_length to a non-zero cookie value length.
  • Now more TLS options can be set by using the more flexible host-/backend-specific parameter tls_options.
  • Input form entry data now processed in different steps to give plugin classes access to more attributes in the different stages. Especially there's a new method LDAPSyntax.transmute() which has guaranteed access to the whole entry and will be called several times if needed to make composing attributes values possible.
  • The sequence of keys used to determine HTML templates from input_template and read_template is now first the single STRUCTURAL object class followed by all non-STRUCTURAL object classes.
  • New context menu item [Clone] when displaying a single entry leads to add form being displayed with the old entry used as template.
  • HTTP headers pre-configured with http_headers are now consequently used for every HTTP response generated.
  • Bulk modification/moving of entries derived from search results. New context menu item [Bulk modify] is shown when displaying search results.
  • Bulk deleting of entries derived from search results. New context menu item [Delete] is shown when displaying search results.
  • New host-/backend-specific configuration parameter schema_supplement allows to extend the subschema with the content of a locally installed LDIF file.
  • New host-/backend-specific configuration parameter schema_strictcheck to deal with buggy subschema in some LDAP servers (e.g. issue #47811 in 389-DS).
  • Monitor page now shows maximum of concurrent sessions and how many sessions were removed after timeout in the session counter table.
  • New host-/backend-specific configuration parameter naming_contexts allows to set list of fake namingContexts values.
  • When starting in stand-alone mode the hostname in command-line option -l is now fully honored to determine SERVER_NAME and thus the cookie domain.
  • This works around a cookie issue with Google Chrome etc. when listening just on 127.0.0.1. You can now add e.g. localhost.localdomain to your /etc/hosts and set the hostname with -l.
  • Plugin classes SelectList and friends now support additional option title. In particular DynamicValueSelectList looks for attributes description or info to determine the option title.
  • Former configuration template files/snippets defined with status_template, html_begin_template and link_css are now all consolidated in one HTML template top_template.
  • The redirect page can also be defined with a HTML template file referenced by redirect_template.
  • Added OpenSearch example file.
  • "Don't Use Copy" control is used if readable in rootDSE attribute supportedControl when reading an entry before presenting modification input form. OIDs from RFC 6171 and OpenLDAP experimental are supported.
  • Dropped features:
  • Support for normally unused parameter web2ldapcnf.misc.sec_expire was removed also due to security issues with setting it to non-zero value.
  • Host-/backend-specific parameter now login_default_mech obsolete. You can specify a default login mechanism in the HTML template referenced by login_template.
  • Changes in the UI:
  • Full bookmark links are now generated and added as link to section and in the displayed status area.
  • When choosing [Modify] from the context menu the entry input form is shown directly.
  • The entry input form now provides [+] and [-] buttons for easier input handling of multi-valued attributes.
  • The entry input form now provides a button [Classes] for changing the set of chosen object classes.
  • New plugin class AuthzDN additionally displays a description of the referenced entry. Registered for the following attribute types: creatorsName, modifiersName, reqAuthzID, monitorConnectionAuthzDN
  • If the user submitted a search form without assertion values the same search form is re-displayed now.
  • When displaying search results the context menu now has a new menu item [Modify Search] which allows to edit the search input in an advanced search form if base or advanced search form was used before.
  • No context menu anymore displayed along with input form for new entry.
  • mailto: links only displayed along with search results if not only partial results were retrieved. Adding a mail address more than once is avoided.
  • When adding a new entry two different forms are available for choosing the object classes:
  • Templates:
  • Displays a radio button list to choose from pre-configured LDIF templates
  • Expert:
  • Displays multi-select lists for choosing the object classes manually.
  • Bugs fixed:
  • Better error handling when exporting data to e.g. avoid HTML error messages appearing in LDIF export.
  • More graceful handling of errors when accessing a LDAP server with very paranoid security settings (no anon bind, explicit bind required, etc.).
  • Security:
  • Whereever possible the class random.SystemRandom is now used for generating random stuff.

New in web2ldap 1.2.0 Pre (Mar 8, 2014)

  • New features/enhancements:
  • Implemented multi-session cookie handling with cross-checking against web2ldap's session ID to prevent attacks in case web server's access logs is not kept confidential. Cookie usage is enabled by setting cookie_length to a non-zero cookie value length.
  • Now more TLS options can be set by using the more flexible host-/backend-specific parameter tls_options.
  • Input form entry data now processed in different steps to give plugin classes access to more attributes in the different stages. Especially there's a new method LDAPSyntax.transmute() which has guaranteed access to the whole entry and will be called several times if needed to make composing attributes values possible.
  • The sequence of keys used to determine HTML templates from input_template and read_template is now first the single STRUCTURAL object class followed by all non-STRUCTURAL object classes.
  • New context menu item [Clone] when displaying a single entry leads to add form being displayed with the old entry used as template.
  • Whereever possible the class random.SystemRandom is now used for generating random stuff.
  • Dropped features:
  • Support for normally unused parameter web2ldapcnf.misc.sec_expire was removed also due to security issues with setting it to non-zero value.
  • Changes in the UI:
  • The entry input form now provides [+] and [-] buttons for easier input handling of multi-valued attributes.
  • New plugin class AuthzDN additionally displays a description of the referenced entry. Registered for the following attribute types:
  • creatorsName
  • modifiersName
  • reqAuthzID
  • monitorConnectionAuthzDN
  • If the user submitted a search form without assertion values the same search form is re-displayed now.
  • When displaying search results the context menu now has a new menu item [Modify Search] which allows to edit the search input in an advanced search form if base or advanced search form was used before.
  • No context menu anymore displayed along with input form for new entry.
  • When adding a new entry two different forms are available for choosing the object classes:
  • Templates:
  • Displays a radio button list to choose from pre-configured LDIF templates
  • Expert:
  • Displays multi-select lists for choosing the object classes manually.
  • Bugs fixed:
  • Better error handling when exporting data to e.g. avoid HTML error messages appearing in LDIF export.
  • More graceful handling of errors when accessing a LDAP server with very paranoid security settings (no anon bind, explicit bind required, etc.).

New in web2ldap 1.1.49 (Dec 16, 2013)

  • New features/enhancements:
  • Group administration UI now generates tags with enclosed tags with parent DN of group DN as label. This is very helpful if same group names are used in different subtrees.
  • Security fixes:
  • Fixed possible XSS flaw when displaying group DN and entry data in group administration UI.
  • Bugs fixed:
  • More robust attribute value auto-generation in plugin class w2lapp.schema.plugins.posixautogen.HomeDirectory.homeDirectoryTemplate.
  • More robust parsing of attribute olcSyncrepl.

New in web2ldap 1.1.48 (Nov 25, 2013)

  • New features/enhancements:
  • Added/registered plugin classes for the following MIT Kerberos attributes:
  • krbPwdPolicyReference
  • krbPwdLockoutDuration
  • krbMinPwdLife
  • krbMaxPwdLife
  • Bugs fixed:
  • Fixed LDAP filter in plugin class for krbTicketPolicyReference.
  • Cache for auditContext attribute not flushed.
  • Gracefully handle server explicitly not allowing simple bind requests.

New in web2ldap 1.1.47 (Oct 28, 2013)

  • Bugs fixed:
  • Fixed Python 2.6 compability issued in checkinst.py.
  • Registered more MS AD attributes with plugin class Binary.
  • Exception ldap.STRONG_AUTH_REQUIRED is ignored when reading rootDSE.

New in web2ldap 1.1.46 (Sep 25, 2013)

  • Bugs fixed:
  • Fixed handling search option "exists".

New in web2ldap 1.1.45 (Sep 20, 2013)

  • Bugs fixed:
  • Fixed regression in w2lapp.passwd caused by overzealous code cleaning in 1.1.44.
  • Fixed LDAP URL handling to old behaviour.

New in web2ldap 1.1.44 (Sep 17, 2013)

  • New features/enhancements:
  • New plugin class for OpenLDAP's back-config attribute olcSyncrepl parses the syncrepl statement and shows clickable link based on LDAP URL.
  • Hostname is displayed on the monitor page. This is useful if behind a reverse proxy or load-balancer.
  • Bugs fixed:
  • Error messages in case of LDAP URL parsing error are now properly escaped.
  • Fixed LDAP URL handling to old behaviour.
  • Code cleaning:
  • Several hints/issues fixed found with pychecker.

New in web2ldap 1.1.43 (Sep 2, 2013)

  • New features/enhancements:
  • Improved HTML layout when displaying certificate/CRL.
  • Certificate/CRL viewer now displays OID names also for deeply nested X.500 Name (DNs).
  • CRL viewer now displays CRLReason extension.
  • New plugin module w2lapp.schema.plugins.x509 now contains all the cert/CRL plugin classes and new stub classes for all the LDAP syntaxes defined in RFC 4523.
  • Bugs fixed:
  • Fixed using module pisces.asn1 really optionally (regression introduced in 1.1.42).
  • Fixed Unicode issue in plugin class for Lotus Domino/LDAP attribute dominoCertificate.
  • Added work-around for UnicodeDecodeError if buggy LDAP server (Lotus Domino/LDAP 7.x) returns diagnosticMessage with non-ASCII characters as ISO-8859-1 (Latin1).
  • Code cleaning:
  • New syntax class w2lapp.schema.syntaxes.CSN registered for OpenLDAP attribute types contextCSN, entryCSN and namingCSN.

New in web2ldap 1.1.42 (Sep 2, 2013)

  • New features/enhancements:
  • Additional search roots can be dynamically searched with search parameters specified by searchform_search_root_url
  • Some basic support for displaying crlEntryExtensions.
  • Bugs fixed:
  • The formerly used type of the entry input form is correctly used when representing the input form in case of an error.
  • Fixed displaying an error message for noSuchObject with a matchedDN containing non-ASCII characters.
  • Fixed determining the possible DIT structure rules for a DN containing non-ASCII characters.
  • PEM to DER conversion for certificates and CRLs now uses a more liberal parsing function to deal with various delimiter texts for CA certs.
  • Added a work-around to parse a broken CRL without nextUpdate attribute.

New in web2ldap 1.1.41 (Aug 14, 2013)

  • New features/enhancements:
  • If attribute numSubordinates is present but numAllSubordinates is missing values of numSubordinates are summed up to determine the number of all entries in a subtree (e.g. when displaying the delete form).
  • Code cleaning:
  • w2lapp.delete now consequently uses Python's Format String Syntax internally.

New in web2ldap 1.1.40 (Jul 18, 2013)

  • Bugs fixed:
  • Fixed regression with missing >= filter part in plugin class for pwdExpireWarning.

New in web2ldap 1.1.39 (Jul 18, 2013)

  • Bugs fixed:
  • When generating links to advanced search form with missing form parameters reasonable defaults are set now.
  • Fixed several regressions in search parameter handling.

New in web2ldap 1.1.38 (Jul 16, 2013)

  • New features/enhancements:
  • Error message and fall-back to advanced search form in case IOError is raised during loading template file referenced by searchform_template.
  • DIT content rules referencing an attribute type are listed when displaying the attribute type in schema viewer.
  • Directly referencing object classes and inherited object classes are displayed separately when displaying the attribute type in schema viewer.
  • No-op search control used to determine number of subordinate entries when presenting deletion input form.
  • In case of ldap.FILTER_ERROR being caught the errornous filter is displayed.
  • Advanced search form handling was improved:
  • Table layout.
  • Buttons [+] and [-] extend/shortens search parameter list.
  • Matching rules can be specified.
  • Whenever appropriate the user is redirected back to advanced search form.
  • Various plugin classes now display link to advanced search form instead of simple LDAP filter in expert search form.
  • Bugs fixed:
  • Better error handling in case of invalid certificate/CRLs values.
  • Code cleaning:
  • OpenLDAP's no-op search now isolated in new method MyLDAPObject.noop_search_st().
  • Some code clean-up in w2lapp.searchform.

New in web2ldap 1.1.37 (Jun 25, 2013)

  • New features/enhancements:
  • New class attrs LDAPSyntax.searchSep/readSep/fieldSep used consequently everywhere through class w2lapp.read.DisplayEntry. This enables plugin classes to control how multiple attribute values are separated.
  • Search form parameter filterstr can now be multi-valued and its values are always evaluated along with the other form parameters from basic/advanced search form. This allows to define search form templates with arbitrary additional filters to be combined with user's input in the search form.
  • OpenLDAP's no-op search control is now sent with tight timeout (5 sec) to not overwhelm the server in case many entries have to be checked.
  • Bugs fixed:
  • Corrected determining server name in standalone mode.
  • Fixed Unicode handling of attribute type names when displaying password attributes after changing them.
  • Fixed issue with multiple delsid form parameter sent after re-login.

New in web2ldap 1.1.36 (Jun 18, 2013)

  • Dropped features:
  • Syncing password attributes of ancient Samba 2 schema is not supported anymore. Use Samba 3 instead.
  • Removed inline Javascript frame-buster in favour of sending secure values for HTTP header X-Content-Security-Policy (see Content Security Policy (CSP)). You can add an reference to an external Javascript source file to the template file referenced by html_begin_template.
  • New features/enhancements:
  • Plugin class for pwdChangedTime now displays that a password will never expire.
  • New host-specific parameter passwd_modlist allows to set a custom initial password attribute modification list.
  • New global configuration parameter http_headers allows to define a static dictionary of HTTP headers in the configuration to be sent to the browser in any case.
  • New session ID is generated when login is performed to prevent session fixation attacks.
  • Bugs fixed:
  • Fixed exception plugin class for pwdChangedTime in case the referended password policy entry does not contain pwdMaxAge.
  • Fixed UnicodeError in plugin class DynamicDNSelectList.

New in web2ldap 1.1.35 (May 29, 2013)

  • New features/enhancements:
  • Some improvements to searching for schema elements in the schema viewer.
  • Also absolute date/time of password expiry timestamp is displayed in plugin class for pwdChangedTime.
  • New small plugin module for FreeRADIUS/LDAP schema.
  • Bugs fixed:
  • More robust version number check in sbin/checkinst.py.
  • Timestamp seconds now converted to long integer before transforming it to readable representation to eliminate unnecessary strings in output due to float rounding.
  • The user name taken from login form is now correctely escaped before adding it into a LDAP filter.

New in web2ldap 1.1.32 (May 11, 2013)

  • New features/enhancements:
  • Time before password expiration displayed as hours, minutes, seconds.
  • When submitting several group modifications all failed attempts are collected and displayed with LDAP error information after processing all group modifications.
  • New plugin class w2lapp.schema.syntaxes.Timespan displays time spans as hours, minutes, seconds used for:
  • pwdMinAge
  • pwdMaxAge
  • pwdExpireWarning
  • entryTTL
  • Bugs fixed:
  • Better handling of LDAPError exceptions in case the LDAP server does not support "Who am I?". Especially occured as problem with SASL/GSSAPI bind.
  • Plugin class DNSDomain lower-cases input values before applying the IDNA encoding.

New in web2ldap 1.1.31 (Feb 18, 2013)

  • New features/enhancements:
  • The number of revoked certs is displayed when displaying a CRL.
  • New plugin class for NIS attribute macAddress which sanitizes user input and does reg-ex checking.
  • New plugin module for sudo-ldap.
  • Plugin class for memberURL now strips white-spaces from input values.
  • Bugs fixed:
  • Small fix for displaying LDAP error messages.
  • Fixed handling of class attributes valuePrefix and valueSuffix in plugin class DynamicValueSelectList.
  • Work-around for LDAP URLs with bad search filter passed in as QUERY_STRING in the URL.

New in web2ldap 1.1.30 (Jan 21, 2013)

  • New features/enhancements:
  • The "Who am I?" extended operation is now always used to detect bind-DN rewriting also in case of simple bind.
  • Some more plugin classes in module w2lapp.schema.plugins.pgpkeysrv.
  • Bugs fixed:
  • More liberal regex pattern for sambaAcctFlags.
  • Fixed an exception caused by empty strings in an attribute list when reading an entry.

New in web2ldap 1.1.29 (Jan 21, 2013)

  • New features/enhancements:
  • Schema viewer now displays direct links to DIT content rules referencing the object class displayed.
  • @ character in form parameter search_attrs is now expanded at the client-side to a set of attribute type names. So this works also with LDAP servers not supporting RFC 4529 and it's usable when exporting entries to a table-based format (CSV or Excel).
  • Bugs fixed:
  • Fixed reading attribute gidNumber of sambaGroupMapping entry when generating attribute value for sambaSID.

New in web2ldap 1.1.28 (Dec 28, 2012)

  • Installation and Configuration changes:
  • Python module netaddr can be used as alternate implementation of required classes IPAddress and IPNetwork.
  • New features/enhancements:
  • Error message is displayed in HTML output if there is an string format error in HTML template which caused TypeError internally.
  • New HTML templates for Samba3 LDAP schema.
  • Values for attributes sambaSID are auto-generated if empty.
  • New or existing plugin classes registered for attribute types in Samba3 LDAP schema:
  • sambaDomainName
  • sambaHomeDrive
  • sambaLogonToChgPwd
  • sambaPrimaryGroupSID
  • Bugs fixed:
  • Work-around for missing form field if ldapsession.PasswordPolicyException is caught and w2lapp.passwd.PasswdForm() is invoked directly.
  • @ character is now allowed in form parameter search_attrs to correctly support RFC 4529.

New in web2ldap 1.1.27 (Dec 28, 2012)

  • New features/enhancements:
  • Declared new plugin class for attribute type x509keyUsage
  • Bugs fixed:
  • Fixed Unicode issue in w2lapp.schema.syntaxes.SelectList which affected all classes derived from that.
  • Added dummy value for attribute LDAPSyntax.oid to various base plugin classes to avoid false registration under some circumstances.

New in web2ldap 1.1.26 (Dec 6, 2012)

  • Installation and Configuration changes:
  • Semantics of global configuration parameter session_limit slightly changed. It now defines the time-span after which a new session ID is generated.
  • New features/enhancements:
  • Better error message in case ldap.NO_SUCH_OBJECT was raised when adding entry.
  • Display matchedDN if present in LDAPError exception (e.g. ldap.NO_SUCH_OBJECT).
  • New plugin class for OpenDS/OpenDJ attribute ds-cfg-alternate-bind-dn auto-fills incomplete RDNs based on entry.
  • New plugin class for attribute x509issuer defined in draft-ietf-pkix-ldap-pkc-schema makes it easier to find CA certs in a directory using that schema.
  • When displaying single attribute a new work-around trys to locate cert/CRL attributes which have ;binary transfer type even though the form parameter read_attr (derived from LDAP URL) did not contain it.
  • New plugin class for IP host and network addresses also used for NIS attribute types ipHostNumber and ipNetworkNumber.
  • New or existing plugin classes registered for attribute types in ISC DHCP LDAP schema
  • Bugs fixed:
  • Fixed escaping attribute values when constructing search filter in plugin class w2lapp.schema.plugins.nis.

New in web2ldap 1.1.25 (Dec 6, 2012)

  • New features/enhancements:
  • New host-/backend-specific passwd_template for specifying a template for change password form.
  • After the admin changing another entry's password a link is displayed which can be sent to the user for him/her changing own password immediately if the checkbox in the password form was selected.
  • Added refresh meta tag to section which instructs the browser to automatically redirect to the [Connect] page after session expiration.
  • LDAPSession.who is now set to the DN returned by reading the user entry after bind.
  • Values for attribute memberUid are automatically checked whether an posixAccount entry exists containing the same value in the uid attribute if MemberUID.ldap_url contains a LDAP URL.
  • When setting password of an entry templates defined with host-specific parameter boundas_template are also used to show a more descriptive user name if possible.
  • Added support for retrieving count of all search results by using OpenLDAP's no-op search control (see OpenLDAP ITS#6598).
  • When a user changes own password and chooses to let web2ldap generate it the new password is shown in re-login form message.

New in web2ldap 1.1.24 (Aug 30, 2012)

  • New features/enhancements:
  • Better support for IPv6 (except running in stand-alone mode).
  • A link in context menu displayed with search results allows quick negation of search filter.
  • Plugin class DynamicValueSelectList now has class attributes valuePrefix and valueSuffix for automatically adding a prefix and/or suffix to attribute values derived from a LDAP search.
  • If applying templates in input form would result in duplicate input fields for the same attribute only the first template containing the attribute is used.
  • The status line text displayed behind Bound as: is now based on attributes in the user's entry and a HTML template snippet defined by new host-specific parameter boundas_template.
  • Bugs fixed:
  • Fixed displaying LDAP URLs pointing to remote servers.
  • Plugin classes for dynamic DN or value select lists no longer search for referenced data when called with argument commandbutton=0.
  • DynamicValueSelectList._determineSearchDN does not return DN ending with a comma anymore.
  • A NameError caused by a bug in M2Crypto is caught can ignored.

New in web2ldap 1.1.22 (Jun 24, 2012)

  • New features/enhancements:
  • Using tree delete control is not default in case OpenLDAP was detected as LDAP server.
  • New plugin class for attribute type memberUrl checks various values in the LDAP URL and sends a dummy search to provoke server-side errors to check validity of LDAP URL.
  • LDAP URLs now have more handy links attached depending whether hostport part is empty or not.
  • Bugs fixed:
  • No links are shown in search results by the plugin class for dynamically generated select lists.

New in web2ldap 1.1.21 (Jun 24, 2012)

  • New features/enhancements:
  • [Locate] now allows searching in DNS for internationalized domain names (see RFC 3490).
  • Exception ldap.schema.subentry is now caught and the locally installed fall-back subschema is used.
  • Plugin classes Binary and CertificateRevocationList now display byte count for the attribute value.
  • Bugs fixed:
  • When decoding/encoding DNS names domain components are processed separately to more strictly follow guidelines in RFC 3490.
  • Cleaned up input and error handling in [Locate].
  • ValueError caught and displayed inline in case module M2Crypto is not able to correctly extract notBefore/notAfter attributes from certificates.

New in web2ldap 1.1.20 (Jun 8, 2012)

  • New features/enhancements:
  • Added new values in OID registry and MS AD plugin module for Windows 2012 Server.
  • Bugs fixed:
  • Reverted the behaviour when binding to the server. The whole connection is dropped but reconnecting is done by calling ReconnectLDAPObject.reconnect() (python-ldap 2.4.10 recommended for this).
  • Again fixed UnicodeDecodeError when displaying SASL information in [ConnInfo].
  • The rootDSE is now read after bind before trying to look up user's entry (e.g. by SASL user name after GSSAPI to MS AD).

New in web2ldap 1.1.18 (May 21, 2012)

  • New features/enhancements:
  • Added more values for Exchange to w2lapp.schema.plugins.activedirectory.ObjectVersion but plugin class now behaves like Integer class except when displaying attribute values.
  • SASL information now displayed with API constant names in [ConnInfo].
  • New plugin classes for OpenDS/OpenDJ which display static select list in the entry input form for the following attributes: ds-cfg-certificate-validation-policy, ds-cfg-default-root-privilege-name, ds-cfg-ssl-cipher-suite, ds-cfg-ssl-protocol, ds-privilege-name
  • Bugs fixed:
  • Fixed displaying hex cert serial number.
  • Fixed displaying attribute ds-sync-hist if modification value is not human-readable.
  • Plugin class for pwdPolicySubentry now also searches for entries with object class ds-cfg-password-policy.

New in web2ldap 1.1.16 (May 7, 2012)

  • NEW FEATURES/ENHANCEMENTS:
  • Session tracking control is sent along to the LDAP server with each LDAP request (see draft-wahl-ldap-session) if host-/backend-specific parameter session_track_control is non-zero.
  • For OpenDS / OpenDJ:
  • New plugin classes which displays dynamic select list in the entry input form for the following attributes: ds-cfg-certificate-mapper, ds-cfg-key-manager-provider, ds-cfg-trust-manager-provider
  • New plugin classes which displays static select list in the entry input form for the following attributes: ds-cfg-disabled-privilege, ds-cfg-etime-resolution, ds-cfg-ssl-client-auth-policy, ds-cfg-security-level
  • Registered attribute ds-cfg-identity-mapper with appropriate plugin class.
  • If Python module M2Crypto is installed:
  • Basic information of X.509 certificates is displayed when viewing the LDAP entry.
  • If module pisces is not installed the textual OpenSSL output is displayed as detailed certificate view. Does not work for CRLs yet.
  • BUGS FIXED:
  • Added another work-around for invalid read entry control values received from older OpenLDAP servers: IndexError is now caught when extracting attribute entryUUID from the post read control value when renaming an entry.

New in web2ldap 1.1.13 (Apr 23, 2012)

  • New features/enhancements:
  • Version number displayed along with exception log.
  • Named placeholders are now used with Python's Format String Syntax for login form templates.
  • You have re-edit your own customized login forms!
  • Template for input form also used when renaming an entry (new host-/backend-specific parameter rename_template).
  • The begin of the HTML output is now read from an external template configured with global parameter html_begin. Parameters html_bodybegin and html_head are not used anymore.
  • The initial connect form is now read from an external template configured with global parameter connect_template.
  • The status area is now read from an external template (new host-/backend-specific parameter status_template).
  • DNS SRV RR lookup now extended to non-standard _ldaps._tcp.example.com used with DE-Mail.
  • Bugs fixed:
  • LDAPSyntaxValueError exceptions raised during sanitizing user's input are now caught and appropriate error message is displayed.

New in web2ldap 1.1.8 (Mar 22, 2012)

  • New features/enhancements:
  • More templates for OpenLDAP's cn=config.
  • Bugs fixed:
  • Fixed regression in schema viewer when displaying schema element trees of derived object classes and attribute types.
  • Fixed regression when displaying login form during referral chasing.

New in web2ldap 1.1.5 (Mar 10, 2012)

  • Dropped features:
  • Support for LDAPv2 connections was dropped to speed up connecting to the server. A first anonymous bind request for testing whether a valid LDAPv3 connection was established is not needed anymore.
  • New features/enhancements:
  • Python's Format String Syntax is now used for login form templates. This allows to simply remove placeholders for unneeded input fields.
  • Caveat: If you have customized login forms you have to rework your templates to use this new syntax.
  • New host-/backend-specific configuration parameter searchoptions_template allows to define the input fields for search base, scope etc.
  • Schema viewer explicitly displays USAGE of attribute types.
  • Initial connect and bind was optimized to avoid reading rootDSE and subschema subentry twice.
  • Some more templates translated to German.
  • Bugs fixed:
  • Fixed a regression introduced in 1.1.4 which made it impossible to use encrypted connections (LDAPS or LDAP w/StartTLS) for non-anonymous bind.
  • When displaying an input form ldap.INSUFFICIENT_ACCESS is ignored when reading the superior entry which is only for informational use anyway.
  • If first preferred language is en then the standard HTML templates are used now. The ones shipped with source distribution are considered to be the English templates.
  • Corrected false translations in various HTML templates.

New in web2ldap 1.1.4 (Mar 2, 2012)

  • New features/enhancements:
  • A new SSL context is always initialized for each LDAP connection.
  • Bugs fixed:
  • Fixed validation of attribute values of LDAP syntax Generalized Time to also allow fraction and time zone offset as defined in RFC 4517.
  • Fix for leap years in age calculation in plugin classes for attribute types msPerson::dateOfBirth and schacDateOfBirth.

New in web2ldap 1.1.2 (Feb 27, 2012)

  • New features/enhancements:
  • Search assertion values are normalized via plugin classes if the accompanying search_mode is not a substring search.
  • Bugs fixed:
  • Fixed a regression bug which accidently deleted binary/non-human-readable attributes (e.g. jpegPhoto or userCertificate;binary) when modifying an entry.
  • Stricter regex pattern for checking values of LDAP syntax OID.

New in web2ldap 1.1.1 (Feb 23, 2012)

  • New features/enhancements:
  • Plugin classes for attribute msPerson::dateOfBirth and schacDateOfBirth now display the age of a person.
  • Stricter checks in plugin classes for birthday-related attribute types msPerson::dateOfBirth, schacDateOfBirth and schacYearOfBirth enforce birthday to be in the past.
  • New plugin module w2lapp.schema.plugins.opensshlpk for OpenSSH-LPK.
  • The schema viewer now displays the internally used plugin class for LDAP syntaxes and attribute types. This eases finding plugin class registration errors.
  • Added new experimental plugin module w2lapp.schema.plugins.posixautogen which autogenerates some input values for posixAccount entries (currently only uidNumber and homeDirectory).
  • Make sure you understand what it does internally before enabling it in production!
  • Bugs fixed:
  • LDAPI connections are now also correctly displayed as secured in [ConnInfo].
  • When modifying an entry the modify list now also includes auto-generated attributes.

New in web2ldap 1.1.0 (Feb 17, 2012)

  • The following changes to local system installation are required:
  • Upgrade to Python 2.6.x or newer
  • Upgrade to python-ldap 2.4.0 or newer.
  • New: Modules pyasn1 0.0.13a and pyasn1_modules are required.
  • New features/enhancements:
  • New plugin base class PropertiesSelectList allows to maintain a select list (value/description pairs) in common properties files which are also subject to language-variant resolution like the HTML templates. See msperson.py for example use.
  • Support for various boolean flag LDAPv3 extended controls with a nicer user interface.
  • Delta modification is smarter now when diffing multi-valued attributes leading to smaller modification lists.
  • If the DN of the user's entry could be determined after successful bind this user entry is read and stored in the LDAPSession instance for determining further user preferences and login data.
  • Added support for setting SHA-2 hash password values at the client-side (schemes {SHA256}, {SSHA256}, etc.).
  • Added plugin module for Apple-specific attribute types.
  • Experimental CSV and Excel export without any formatting parameters.
  • The following HTTP headers are always sent to avoid security/privacy problems:
  • X-Content-Type-Options: nosniff Switch off MIME-type guessing in MS IE 8+
  • X-XSS-Protection: 0 Cross-Site Scripting Protection for MS IE
  • X-DNS-Prefetch-Control: off Switch off DNS prefetching
  • Strict-Transport-Security: max-age=15768000 ; includeSubDomains Enforce HTTPS, only sent when accessed via HTTPS (see draft-hodges-strict-transport-sec)
  • X-FRAME-OPTIONS: DENY Deny use of frames completely to avoid click-jacking (see Using X-FRAME-OPTIONS)
  • The search form now contains a select field for a modification time interval. This automatically extends the filter string restricting the results by attributes createTimestamp and modifyTimestamp relative to the current time.
  • The line dn: in LDIF templates can now optionally also contain a whole distinguished name, not only a RDN. In this case the DN portion after the RDN is interpreted as base DN under which the new entry is to be added.
  • New method GeneralizedTime.sanitizeInput() converts to a correct timestamp if only a date without time part was given as input.
  • The Assertion Control is used when sending a modify request if the seems to support it to prevent the server to process the request if the entry has been changed in between (see RFC 4528). Host-specific parameter modify_constant_attrs is used to generate the assertion filter.
  • Group adminstration now handles limits more gracefully.
  • Partial search results are returned in exported data (LDIF, DSML, CSV, Excel) even if an administrative limit was hit.
  • Deleting attributes from an entry is now much more flexible in the UI and can be done with appropriate LDAPv3 ext. controls. One use-case is removing operational password policy attributes which cannot be edited in the normal input form.
  • Additional LDAPv3 ext. controls can be also used when deleting entries.
  • Added refreshing dynamic entry with extended operation (see RFC 2589).
  • Password policy control sent and received for displaying password warnings and guide the user to change the password (see draft-behera-ldap-password-policy).
  • Added support for Authorization Identity Request and Response Controls (see RFC 3829).
  • Dropped features:
  • Support for setting the old and insecure LAN manager password hash attribute lmPassword/sambaLMPassword along with the userPassword was dropped.
  • Support for running as SCGIServer was removed since nobody (including me) ever used it.
  • Changes in the UI:
  • Output is now HTML5.
  • New style sheet(s) which look much better now.
  • When adding/modifying an entry some information of the superior entry is displayed if inputform_supentrytemplate is defined. This is user-friendly especially when the superior DN does not contain attribute values easily recognizable by humans.
  • The connection type (LDAP, LDAP with StartTLS ext.op., LDAPS or LDAPI) can now be specified in the connection form.
  • Specifying LDAP options/controls was moved from [ConnInfo] into a separate module accessible via extra entry in the main menu.
  • When generating the object class select form the operational attribute allowedChildClasses (e.g. available on MS AD) is now honoured to determine which STRUCTURAL object classes are allowed for the new subordinate entry.
  • When generating the input form vendor-specific operational attributes are now honoured to determine whether an attribute is writeable by the bound user. Otherwise only a read-only hidden field is displayed.
  • The schema browser is now directly accessible via extra entry in the main menu.
  • Some improvements for setting the password of an user entry
  • LDAP URLs shown in the UI now have SASL and StartTLS parameters set which were used during connect and last login. This makes it easier for the user to generate bookmark URLs containing StartTLS and SASL bind information.
  • LDAP URL extension x-saslmech is now taken as default for the bind mechanism select list in the login form.
  • [More] and [Fewer] in the advanced search form are now submit buttons and thus user's input entered in the search form so far is preserved. Empty user input is simply ignored and the advanced search form is displayed again.
  • In the monitor web page the LDAP connections are now displayed as table.
  • The list of requested attributes when displaying a single entry can now be altered in a simple input form below the displayed entry. This is handy for attributes which have to be explicitly requested to be returned by the server.
  • The submit button [Search] is now on top of all types of search forms.
  • Fingerprint based on SHA-256 is now displayed for displayed X.509 certificates.
  • When catching ldap.SERVER_DOWN a real error message is now shown instead of just redirecting to the start page. The user has to manually go to the [Connect] page.
  • [ConnInfo] now shows LDAP connection start time and duration.
  • Advanced search form now shows the attribute type's description from the subschema as title in the option value.
  • If the user does not enter a new password in the change password input form a new password is randomly generated and displayed to the user. Length and valid chars of generated passwords can be configured by host-specific parameters passwd_genlength and passwd_genchars.
  • Specific error message text for numeric codes returned by MS AD is displayed in case of ldap.INVALID_CREDENTIALS being raised.
  • Group adminstration now allows to enter a (partial) group name to limit the number of groups found.
  • The password change dialogue has a new input field for enforcing a password change after reset. This sets various attributes depending on what's detected in the subschema (draft-behera-ldap-password-policy, MS AD).
  • The password context menu now contains a link for removing password-related attributes from an entry.
  • Bug fixes:
  • Fixed behaviour when Relax Rules Control is in effect.
  • Fixed regex-checking for attribute pgpKey.
  • Processing of .ldaprc or ldap.conf is now explicitly switched off by setting environment variable LDAPNOINIT=1.
  • Fixed setting cert validation option for StartTLS ext.op. or LDAPS.
  • DESC fields of schema elements are now properly handled as UTF-8 and escaped.
  • Search filter string is now passed through login form (in case of intermediate login before searching is needed).
  • Attributes are now correctly displayed when parameter search_tdtemplate is in effect no matter of the case of attribute type name.
  • Security fixes:
  • [ConnInfo]: All values coming from HTTP headers are now fully escaped to avoid XSS attacks based on manipulated HTTP headers.
  • More escaping when displaying error messages from untrusted sources to avoid XSS attacks by manipulated LDAP servers.
  • Code cleaning:
  • Support for psyco was dropped since the project seems to be unmaintained.
  • Many changes/fixes towards a more consequent use of Unicode objects.
  • Completely reworked control parameter handling in [Params] for setting controls (formerly in [ConnInfo].
  • Deprecated module sets is not imported anymore.
  • Removed unused functions in module msbase.
  • Removed unused functions in module ldaputil.base.
  • New submodule ldaputil.extldapurl.
  • Consequent use of BooleanType with values True and False where appropriate.
  • Dropped support for reading cn=config attribute database on old LDAPv2 Umich servers.
  • Caching was removed from class ldap.LDAPSession and is now solely done in class ldapsession.LDAPObject. Uncaching single entries is now more reliable in new method ldapsession.LDAPObject.uncache_entry().
  • Consistent use of module hashlib in Python's standard lib also for MD4 so no need for installing additional modules for MD4 anymore.
  • Cleaned up inconsistent use of tabs and spaces (runs with python -tt now).
  • Dropped configuration parameter web2ldapcnf.misc.print_rawutf8 since all browsers accept UTF-8 today.

New in web2ldap 1.1.0 Alpha 4 (Aug 17, 2009)

  • Full support for DIT structure rules and name forms, various enhancements to user interface, many additions/improvements for plug-in classes/modules.

New in web2ldap 1.0.29 (Aug 8, 2009)

  • Note: This is the last release guaranteed to support Python 2.3!For various reasons you should seriously consider to upgrade your local Python installation.
  • Various code-cleaning regarding a more consequent distinction of UnicodeType and StringType data.
  • Multiple space characters in DNs and attribute values are now correctly displayed.
  • Added a fall-back behaviour for older Python versions when registering T.61 codecs.
  • In expert search form the HTML attribute maxlength is now set to the same values like specified for form parameters search_filterstr and search_attrs.
  • If no values are entered into the advanced search form no search request with invalid filter is sent to the LDAP server anymore. Instead an error message is displayed.
  • Fix for the group administration: Caching is now disabled when searching group entries the current entry is member of.
  • When generating the assertion filter for detecting intermediate changes to edited entries all NON-ASCII chars are now quoted. E.g. with eDirectory cross-checking with binary attribute GUID falsely prevented an entry to be modified.
  • If the template file for a login form could be be read (exception IOError) an error message is displayed to the user.
  • Improvements to plug-in modules/classes:
  • New base class NullTerminatedDirectoryString and registered eDirectory attribute type extensionInfo with that.
  • New class for eDirectory attribute type indexDefinition.
  • Tabs in XML data are now expanded so it looks much nicer.
  • Registered more DirXML-related attribute types with plugin class XmlValue.

New in web2ldap 1.0.27 (Jul 26, 2009)

  • Some improvements were made to the plugin classes.
  • A fix was made for the table input form.

New in web2ldap 1.0.25 (Jul 20, 2009)

  • Serious security fix: After another bind operation StartTLS was disabled. Uumpf!
  • Some small fixes/improvements for plugin classes for Novell eDirectory.

New in web2ldap 1.0.23 (Jul 17, 2009)

  • Support for DIT structure rules, various enhancements to user interface.